From bcc34b85ac8a3f899af65d5e8ac30f7c1458b2d1 Mon Sep 17 00:00:00 2001 From: cphillip Date: Tue, 19 Mar 2002 15:43:40 +0000 Subject: [PATCH] o Update config files from openssh 3.1p1. --- setup/ssh_config | 18 ++++---- setup/sshd_config | 104 ++++++++++++++++++++++++++-------------------- 2 files changed, 68 insertions(+), 54 deletions(-) diff --git a/setup/ssh_config b/setup/ssh_config index 6209354..a8a8d72 100644 --- a/setup/ssh_config +++ b/setup/ssh_config @@ -1,8 +1,9 @@ -# $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $ +# $OpenBSD: ssh_config,v 1.12 2002/01/16 17:55:33 stevesk Exp $ -# This is ssh client systemwide configuration file. See ssh(1) for more -# information. This file provides defaults for users, and the values can -# be changed in per-user configuration files or on the command line. +# This is the ssh client system-wide configuration file. See ssh(1) +# for more information. This file provides defaults for users, and +# the values can be changed in per-user configuration files or on the +# command line. # Configuration data is parsed as follows: # 1. command line options @@ -17,7 +18,7 @@ # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no +# RhostsAuthentication yes # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes @@ -25,11 +26,12 @@ # UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking yes +# StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 -# Cipher blowfish +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ diff --git a/setup/sshd_config b/setup/sshd_config index e1a052a..3eb1987 100644 --- a/setup/sshd_config +++ b/setup/sshd_config @@ -1,80 +1,92 @@ -# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $ - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. -Port 22 +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 -HostKey /etc/ssh_host_key +#HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 768 +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO # Authentication: -LoginGraceTime 600 -PermitRootLogin yes -StrictModes yes +#LoginGraceTime 600 +#PermitRootLogin yes +#StrictModes yes -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used -RhostsAuthentication no +#RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +#IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no # similar for protocol version 2 -HostbasedAuthentication no -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no - -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +#PasswordAuthentication yes +#PermitEmptyPasswords no -# Uncomment to enable PAM keyboard-interactive authentication -# Warning: enabling this may bypass the setting of 'PasswordAuthentication' -#PAMAuthenticationViaKbdInt yes +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes -# To change Kerberos options -#KerberosAuthentication no +# Kerberos options +# KerberosAuthentication automatically enabled if keyfile exists +#KerberosAuthentication yes #KerberosOrLocalPasswd yes -#AFSTokenPassing no -#KerberosTicketCleanup no +#KerberosTicketCleanup yes + +# AFSTokenPassing automatically enabled if k_hasafs() is true +#AFSTokenPassing yes -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no + +# Set this to 'yes' to enable PAM keyboard-interactive authentication +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#PAMAuthenticationViaKbdInt yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes #UseLogin no -#MaxStartups 10:30:60 -#Banner /etc/issue.net -#ReverseMappingCheck yes +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no +# override default of no subsystems Subsystem sftp /usr/libexec/sftp-server -- 2.45.1